10602365

Private Network Service Providing Method and System

Published: March 24, 2020
Assignee: not available in USPTO data we have
Technical Abstract

Patent Claims
19 claims

Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.

Claim 1

Original Legal Text

1. A private network service system comprising: a service link server configured to: obtain identification information of a mobile communication terminal connected to a public network, and request an Access Point Name-Operator Identifier (APN-OI) change to a home subscriber server, in response to the service link server receiving a request for a private network connection, the request for the private network connection being received from the mobile communication terminal or from a third server; a home subscriber server, comprising a processor and a memory, configured to: authenticate whether the mobile communication terminal is subscribed to a private network service in response to the request for the APN-OI change from the service link server, and in response to the authentication succeeding, identify an Access Point Name (APN) included in a subscriber profile of the mobile communication terminal stored on the home subscriber server and change a public APN-OI recorded in the APN to a private APN-OI; and a mobility management entity, implemented by a processor and a memory, that: receives the subscriber profile of the mobile communication terminal from the home subscriber server, and induces the mobile communication terminal to connect to a public gateway or a private gateway using an IP address of a public gateway or an IP address of a private gateway corresponding to the APN included in the subscriber profile, in response to connection being attempted from the mobile communication terminal.

Plain English Translation

The system provides a private network service for mobile communication terminals connected to a public network. The problem addressed is the need to securely and efficiently switch mobile devices between public and private network connections without manual configuration. The system includes a service link server that obtains identification information of a mobile terminal and requests an Access Point Name-Operator Identifier (APN-OI) change from a home subscriber server when a private network connection is requested. The home subscriber server authenticates the terminal's subscription to the private network service. Upon successful authentication, it identifies the APN in the terminal's subscriber profile and changes the public APN-OI recorded in that APN to a private APN-OI. A mobility management entity then receives the subscriber profile and, when the terminal attempts to connect, directs it to a public or a private gateway using the gateway IP address that corresponds to the APN in the profile. This allows seamless switching between public and private network access without user intervention. The system ensures secure and dynamic network connectivity for mobile terminals based on their subscription status and service requirements.

Claim 2

Original Legal Text

2. The private network service system according to claim 1, wherein, in response to the mobile communication terminal requesting a session setup with the private gateway, the private gateway is configured to identify a location of the mobile communication terminal and determine whether the mobile communication terminal is located in a private network service area based on the location, and wherein, in response to the mobile communication terminal being located in the private network service area, the private gateway is configured to form a session with the mobile communication terminal.

Plain English Translation

This invention relates to a private network service system designed to manage and control access to private network services for mobile communication terminals. The system addresses the challenge of securely and efficiently establishing communication sessions between mobile devices and private networks, ensuring that only authorized devices within designated service areas can access the network. The system includes a private gateway that interacts with mobile communication terminals. When a mobile device requests a session setup with the private gateway, the gateway first identifies the device's location. It then determines whether the device is within a predefined private network service area based on this location. If the device is confirmed to be within the service area, the private gateway establishes a session with the mobile communication terminal, enabling secure and controlled access to the private network. This approach ensures that only devices physically present in authorized areas can connect to the private network, enhancing security and preventing unauthorized access. The system dynamically verifies the device's location before allowing session formation, providing a robust mechanism for managing network access in restricted environments. The invention is particularly useful in scenarios where private networks must be accessible only to devices within specific geographic boundaries, such as corporate campuses, industrial facilities, or secure locations.

Claim 3

Original Legal Text

3. The private network service system according to claim 2, wherein in response to the mobile communication terminal not being located in the private network service area, the private gateway is configured to reject the session setup requested by the mobile communication terminal, and the home subscriber server is configured to identify the APN included in the subscriber profile, and change the private APN-OI recorded in the APN to the public APN-OI.

Plain English Translation

This invention relates to a private network service system for mobile communication terminals, addressing the challenge of managing network access when a device is outside a designated private network service area. The system includes a private gateway and a home subscriber server (HSS) that work together to control access to private and public networks based on the terminal's location and subscriber profile. When a mobile communication terminal requests a session setup, the private gateway checks if the device is within the private network service area. If the terminal is outside this area, the gateway rejects the session request. The HSS then identifies the Access Point Name (APN) in the subscriber profile and modifies the private APN Operator Identifier (APN-OI) to a public APN-OI. This change ensures that the terminal is redirected to a public network instead of the private network, maintaining secure and appropriate network access. The system dynamically adjusts network access based on the terminal's location, preventing unauthorized access to private networks while ensuring connectivity through public networks when necessary. This approach enhances security and network management efficiency for mobile communication services.

Claim 4

Original Legal Text

4. The private network service system according to claim 1, wherein in response to the authentication failing, the home subscriber server is configured to maintain the APN-OI recorded in the APN as the public APN-OI, and transmit a service disabled message to the mobile communication terminal.

Plain English Translation

A private network service system provides secure and isolated network access for mobile communication terminals within a private network environment. The system addresses the challenge of ensuring that only authorized terminals reach private network services. The system includes a home subscriber server (HSS) that manages subscriber authentication and network access policies. When a private network connection is requested for a mobile terminal, the HSS authenticates whether the terminal is subscribed to the private network service. The APN in the subscriber profile includes an Operator Identifier (APN-OI) that distinguishes between private and public network services. If authentication fails, the HSS keeps the APN-OI recorded in the APN as the public APN-OI and transmits a service disabled message to the mobile terminal. The subscriber profile is therefore left unchanged, and the terminal continues to be directed to the public gateway rather than the private gateway. The system ensures that only authorized users can access private network resources, enhancing security and preventing misuse of network services. The HSS enforces access control based on authentication status, restricting unauthorized access to the private network.

Claim 5

Original Legal Text

5. The private network service system according to claim 1, wherein in response to a session between the mobile communication terminal and the private gateway being formed and the mobile communication terminal moving out of a private network service area, the private gateway is configured to release the session with the mobile communication terminal, and the home subscriber server is configured to identify the APN included in the subscriber profile, and change the private APN-OI recorded in the APN to the public APN-OI.

Plain English Translation

This invention relates to a private network service system for mobile communication terminals, addressing the challenge of seamless transition between private and public networks. The system includes a private gateway, a home subscriber server (HSS), and a mobile communication terminal. The private gateway manages access to a private network, while the HSS stores subscriber profiles containing an Access Point Name (APN) with a private APN Operator Identifier (APN-OI) for private network access. When a session is established between the mobile terminal and the private gateway, the terminal operates within the private network service area. If the terminal moves outside this area, the private gateway releases the session. The HSS then detects the APN in the subscriber profile and modifies the private APN-OI to a public APN-OI, enabling the terminal to transition to a public network. This ensures uninterrupted connectivity by dynamically updating the APN configuration based on the terminal's location. The system automates the handover process, preventing service disruptions when users move between private and public network zones. The invention improves network flexibility and user experience by maintaining seamless access to network services regardless of the terminal's location.

Claim 6

Original Legal Text

6. The private network service system according to claim 1, wherein in response to the public APN-OI being changed to the private APN-OI, the home subscriber server is configured to request a session release of the mobile communication terminal from the mobility management entity, and the mobility management entity is configured to release a session with the mobile communication terminal.

Plain English Translation

This invention relates to private network service systems for mobile communication terminals, addressing the need to securely transition between public and private network access. The system includes a home subscriber server (HSS) and a mobility management entity (MME) that manage network sessions for mobile devices. When the public APN Operator Identifier (APN-OI) in a terminal's subscriber profile has been changed to the private APN-OI, the HSS initiates a session release process. The HSS sends a request to the MME to terminate the existing session with the mobile communication terminal. Upon receiving this request, the MME releases the session, ensuring the device disconnects from the public network before establishing a connection to the private network. This mechanism prevents unauthorized access and maintains secure network transitions. The system ensures seamless and secure switching between public and private networks by coordinating session management between the HSS and MME, enhancing network security and reliability for mobile communication terminals.

Claim 7

Original Legal Text

7. The private network service system according to claim 1, wherein in response to the public APN-OI being changed to the private APN-OI, the home subscriber server is configured to transmit a cancel location message to the mobility management entity, and the mobility management entity is configured to transmit a connection release request message to the mobile communication terminal, transmit a cancel location ACK message to the home subscriber server in response to the cancel location message, and transmit a cancel session request message to the public gateway.

Plain English Translation

This invention relates to a private network service system for mobile communication terminals, addressing the challenge of securely transitioning between public and private network access. The system includes a home subscriber server (HSS), a mobility management entity (MME), and a public gateway. When the public APN Operator Identifier (APN-OI) in a terminal's profile is changed to the private APN-OI, the HSS sends a cancel location message to the MME. The MME then sends a connection release request to the mobile terminal, ensuring the device disconnects from the public network. The MME also sends a cancel location acknowledgment (ACK) to the HSS and a cancel session request to the public gateway, terminating the public network session. This process ensures seamless and secure transition to the private network while maintaining proper network resource management. The system prevents unauthorized access and ensures proper cleanup of public network resources when switching to a private network. The invention improves network security and resource efficiency by automating the disconnection process during APN-OI changes.

Claim 8

Original Legal Text

8. The private network service system according to claim 1, wherein to limit an external connection other than a service subscriber, the home subscriber server is configured to store an APN table including identification information of a plurality of mobile communication terminals subscribed to the private network service and a plurality of corresponding private APN-OI mapped to each other, and identify the APN table storing the plurality of corresponding private APN-OI mapped to the identification information of the plurality of mobile communication terminals and change the public APN-OI to the private APN-OI.

Plain English Translation

A private network service system restricts external connections to authorized subscribers by managing access through a home subscriber server (HSS). The HSS stores an APN (Access Point Name) table that maps identification information of multiple mobile communication terminals subscribed to the private network service to corresponding private APN-OI (Operator Identifier) values. When a connection request is received, the system checks the APN table to verify if the requesting terminal is a subscriber. If authorized, the system replaces the public APN-OI with the private APN-OI to route the connection through the private network. This ensures only subscribed devices can access the private network, preventing unauthorized external access. The system dynamically manages APN mappings to maintain secure and controlled network access for subscribers. The HSS acts as a central authority, validating subscriber identities and enforcing private network access policies. This approach enhances security by isolating private network traffic from public networks, ensuring only legitimate subscribers can establish connections.

Claim 9

Original Legal Text

9. The private network service system according to claim 1, wherein the identification information of the mobile communication terminal comprises identification information of International Mobile Subscriber Identity (IMSI) or Mobile Station International Subscriber Directory Number (MSISDN).

Plain English Translation

A private network service system provides secure and controlled access to network resources for mobile communication terminals. The system addresses the challenge of ensuring authorized access while maintaining privacy and security in wireless communications. The system includes a mobile communication terminal, a base station, and a core network that collectively manage authentication and service provisioning. The mobile communication terminal is identified using unique identifiers such as International Mobile Subscriber Identity (IMSI) or Mobile Station International Subscriber Directory Number (MSISDN). These identifiers are used to authenticate the terminal and grant access to specific network services. The base station facilitates communication between the terminal and the core network, while the core network handles authentication, authorization, and service delivery. The system ensures that only authorized terminals can access the network, enhancing security and preventing unauthorized use. The use of IMSI or MSISDN provides a standardized and reliable method for identifying and authenticating mobile devices, ensuring seamless and secure connectivity within the private network. This approach improves network security, reduces unauthorized access risks, and supports efficient service management.

Claim 10

Original Legal Text

10. The private network service system according to claim 1, wherein the request for the private network connection received by the service link server is received in a manner other than through the public network.

Plain English Translation

A private network service system provides secure connectivity between devices without relying on public networks. The system includes a service link server that establishes and manages private network connections between client devices. These connections are used for secure data transmission, remote access, or other networked operations while bypassing public network infrastructure. The system ensures that private network connections are authenticated, encrypted, and isolated from external networks to maintain security and privacy. In one implementation, the service link server receives requests for private network connections through alternative means rather than public networks. This could involve direct physical connections, dedicated private lines, or other secure communication channels that avoid exposure to public network vulnerabilities. By using these alternative methods, the system enhances security by reducing the risk of interception, egress filtering, or other threats associated with public network traffic. The system may also include features such as dynamic routing, bandwidth management, and access control to optimize performance and security for private network connections. This approach is particularly useful in environments where data confidentiality and integrity are critical, such as enterprise networks, government systems, or sensitive industrial applications.

Claim 11

Original Legal Text

11. The private network service system according to claim 1, wherein the service link server is external to the public network and external to a private network associated with the private network service.

Plain English Translation

A private network service system provides secure communication between a private network and external entities while maintaining isolation from public networks. The system includes a service link server that operates outside both the public network and the private network, acting as an intermediary to facilitate secure data exchange. This server establishes encrypted connections to ensure data integrity and confidentiality, preventing unauthorized access from public networks while allowing controlled interaction with external services. The system also includes authentication mechanisms to verify the identity of users or devices before granting access to private network resources. By externalizing the service link server, the system enhances security by reducing exposure of the private network to potential threats from public networks. The solution addresses the challenge of securely integrating private networks with external services without compromising internal security or performance. The system may also include additional components such as firewalls, encryption modules, and access control policies to further strengthen security and manage data flow between networks. This approach ensures that sensitive data remains protected while enabling necessary communication with external entities.

Claim 12

Original Legal Text

12. A method for providing a private network service, in which a private network service system provides a subscriber with the private network service, the method comprising: receiving a request for a private network connection of a mobile communication terminal connected to a public network; authenticating whether the mobile communication terminal is subscribed to the private network service; in response to the authentication succeeding, identifying an Access Point Name (APN) included in a subscriber profile of the mobile communication terminal, and changing a public Access Point Name-Operator Identifier (APN-OI) recorded in the APN to a private APN-OI; in response to a request for connection being received from the mobile communication terminal, identifying the subscriber profile of the mobile communication terminal, and obtaining an IP address of a public gateway or an IP address of a private gateway corresponding to the APN included in the subscriber profile; and inducing the mobile communication terminal to connect to the public gateway or the private gateway using the obtained IP address of the public gateway or the obtained IP address of the private gateway.

Plain English Translation

The invention relates to a method for providing a private network service to mobile communication terminals connected to a public network. The problem addressed is enabling secure and seamless access to private network services while maintaining connectivity to public networks. The method involves a private network service system that receives a request for a private network connection from a mobile terminal. The system authenticates the terminal to verify its subscription to the private network service. Upon successful authentication, the system identifies an Access Point Name (APN) in the terminal's subscriber profile and modifies the public APN-Operator Identifier (APN-OI) to a private APN-OI. When the terminal requests a connection, the system retrieves the subscriber profile to obtain the IP address of either a public or private gateway associated with the APN. The terminal is then directed to connect to the appropriate gateway using the obtained IP address. This ensures that authorized users can access private network resources while maintaining public network connectivity when needed. The method dynamically manages network access based on authentication and subscriber profiles, enhancing security and flexibility in network service provision.

Claim 13

Original Legal Text

13. The method for providing a private network service according to claim 12, further comprising: after inducing connection to the private gateway, identifying a location of the mobile communication terminal, and determining whether the mobile communication terminal is located in a private network service area based on the location; and in response to the mobile communication terminal being located in the private network service area, forming a session between the private gateway and the mobile communication terminal.

Plain English Translation

This invention relates to private network services for mobile communication terminals, addressing the challenge of securely and efficiently connecting mobile devices to private networks while ensuring the device is within an authorized service area. The method involves establishing a connection between a mobile communication terminal and a private gateway, then determining the terminal's physical location to verify whether it is within a predefined private network service area. If the terminal is confirmed to be within the authorized area, a secure session is formed between the private gateway and the terminal, enabling private network access. This approach enhances security by restricting access to authorized locations and ensures that network resources are only utilized when the terminal is within the designated service area. The method may also include additional steps such as authenticating the terminal before allowing access to the private network, further strengthening security measures. The solution is particularly useful in enterprise environments, secure facilities, or other scenarios where location-based access control is required.

Claim 14

Original Legal Text

14. The method for providing a private network service according to claim 13, wherein the determining comprises: in response to the mobile communication terminal not being located in the private network service area, rejecting a session formation between the mobile communication terminal and the private gateway; and changing the private APN-OI recorded in the APN of the subscriber profile to the public APN-OI.

Plain English Translation

This invention relates to private network services for mobile communication terminals, specifically addressing the management of network access when a device is outside a designated private network service area. The problem solved is ensuring secure and appropriate network connectivity for mobile devices that may move between private and public network domains. The method involves a private gateway that controls access to a private network service. When a mobile communication terminal attempts to connect, the system checks its location. If the terminal is not within the private network service area, the system rejects the session formation, preventing unauthorized access. Additionally, the system modifies the Access Point Name (APN) settings in the subscriber profile by changing the private APN Operator Identifier (APN-OI) to a public APN-OI. This ensures the device defaults to a public network when outside the private service area, maintaining security and proper routing. The private gateway acts as an intermediary, enforcing access policies based on location. The APN modification ensures seamless fallback to public networks without manual intervention. This approach enhances security by restricting private network access to authorized areas while maintaining connectivity through public networks when necessary. The solution is particularly useful for enterprise or specialized private networks where controlled access is critical.

Claim 15

Original Legal Text

15. The method for providing a private network service according to claim 12, wherein the receiving of the request for the private network connection comprises receiving the request for the private network connection of the mobile communication terminal from the mobile communication terminal or through a third server.

Plain English Translation

A method for providing a private network service involves establishing a secure and isolated communication channel for a mobile communication terminal. The method addresses the need for enhanced privacy and security in mobile communications by creating a dedicated network connection that prevents unauthorized access or interception of data. The private network service is initiated when a request for a private network connection is received, either directly from the mobile communication terminal or indirectly through a third-party server. This request triggers the setup of a secure communication path, ensuring that all subsequent data exchanges between the mobile device and the network are encrypted and protected from external threats. The method may also involve authenticating the mobile device and verifying its eligibility for the private network service before establishing the connection. Once the private network connection is active, the mobile device can communicate with other devices or servers within the private network while maintaining isolation from public networks. This approach enhances data security, prevents eavesdropping, and ensures compliance with privacy regulations. The method is particularly useful in scenarios where sensitive information is transmitted, such as in enterprise environments, healthcare, or financial services.

Claim 16

Original Legal Text

16. The method for providing a private network service according to claim 12, wherein in response to the authentication failing, the method comprises maintaining the APN-OI as the public APN-OI, and transmitting a service disabled message to the mobile communication terminal.

Plain English Translation

A method for managing private network services in mobile communication systems addresses the challenge of securely authenticating devices while ensuring proper service provisioning. The method involves verifying the identity of a mobile communication terminal attempting to access a private network through an Access Point Name (APN) Operator Identifier (APN-OI). If authentication fails, the system retains the APN-OI as a public identifier and sends a service disabled message to the terminal, preventing unauthorized access while maintaining network integrity. This approach ensures that only authenticated devices can utilize private network resources, enhancing security and service reliability. The method integrates with broader network authentication processes, dynamically adjusting access permissions based on verification outcomes. By distinguishing between public and private APN-OIs, the system efficiently manages network traffic and access rights, reducing the risk of unauthorized usage. The solution is particularly relevant in environments where secure, private network access is critical, such as enterprise or IoT deployments. The method ensures seamless service management while enforcing strict authentication protocols, improving overall network security and operational efficiency.

Claim 17

Original Legal Text

17. The method for providing a private network service according to claim 12, wherein the changing to the private APN-OI comprises releasing a session with the mobile communication terminal when the public APN-OI is changed to the private APN-OI.

Plain English Translation

A method for managing network access in a mobile communication system involves dynamically switching between public and private Access Point Name Operator Identifiers (APN-OIs) to control data routing. The method addresses the need for secure, private network access while maintaining compatibility with public network services. When transitioning from a public APN-OI to a private APN-OI, the system releases the existing session with the mobile terminal to ensure a clean transition. This prevents conflicts between public and private network configurations, ensuring data is routed correctly through the intended network infrastructure. The method may also include steps for establishing a new session with the private APN-OI, verifying network credentials, and reconfiguring network parameters to align with the private network's requirements. The approach is particularly useful in enterprise or IoT environments where devices must seamlessly switch between public and private networks while maintaining secure and efficient data transmission. The session release mechanism ensures that no residual public network configurations interfere with private network operations, enhancing reliability and security.

Claim 18

Original Legal Text

18. The method for providing a private network service according to claim 12, wherein the method further comprises: after inducing a connection to the private gateway and in response to a session being formed between the private gateway and the mobile communication terminal, monitoring whether the mobile communication terminal moves out of a private network service area; and in response to the mobile communication terminal being determined to have moved out of the private network service area as a result of the monitoring, releasing the session with the mobile communication terminal, and changing the private APN-OI recorded in the APN of the subscriber profile to the public APN-OI.

Plain English Translation

This invention relates to private network services for mobile communication terminals, addressing the challenge of maintaining secure and efficient connectivity within a defined service area. The method involves establishing a private network service by connecting a mobile communication terminal to a private gateway through a private Access Point Name (APN) Operator Identifier (APN-OI). Once the connection is established and a session is formed between the private gateway and the mobile terminal, the system continuously monitors the terminal's location to detect if it moves outside the designated private network service area. If the terminal exits this area, the session is terminated, and the private APN-OI in the subscriber profile is automatically replaced with a public APN-OI. This ensures that the terminal transitions seamlessly to a public network while maintaining service continuity. The method enhances security by restricting private network access to authorized areas and optimizes resource allocation by releasing sessions when the terminal is no longer within the private network's coverage. The solution is particularly useful for enterprise or specialized network environments where controlled access and efficient resource management are critical.
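The session-release and revert steps in claims 17 and 18 can be stated as invariants and checked against control-plane records. The following is an added example, not part of the patent or of this page's analysis: it audits a constructed event stream, and the event names, the terminal ids and the "public"/"private" labels are all hypothetical.

```python
from collections import defaultdict

# Constructed control-plane events: (time, terminal id, event, detail).
# Event names and the "public"/"private" labels are hypothetical.
EVENTS = [
    (1, "ue-A", "session_up", "public"),
    (2, "ue-A", "oi_change", "private"),
    (3, "ue-A", "session_release", ""),
    (4, "ue-A", "session_up", "private"),
    (5, "ue-A", "left_area", ""),
    (6, "ue-A", "session_release", ""),
    (7, "ue-A", "oi_change", "public"),
    (1, "ue-B", "session_up", "public"),
    (2, "ue-B", "oi_change", "private"),   # no release follows: stale session
    (3, "ue-C", "oi_change", "private"),
    (4, "ue-C", "session_up", "private"),
    (5, "ue-C", "left_area", ""),
    (6, "ue-C", "session_release", ""),
    (7, "ue-C", "session_up", "private"),  # profile never reverted
]

def audit(events):
    """Return sorted (terminal, finding) pairs for broken invariants."""
    st = defaultdict(lambda: {"oi": "public", "session": None,
                              "stale": False, "revert_due": False})
    findings = set()
    for _, ue, event, detail in sorted(events):
        s = st[ue]
        if event == "oi_change":
            s["oi"] = detail
            s["stale"] = s["session"] is not None   # claim 17: must be released
            if detail == "public":
                s["revert_due"] = False
        elif event == "session_release":
            s["session"], s["stale"] = None, False
        elif event == "left_area":
            s["revert_due"] = s["oi"] == "private"  # claim 18: revert expected
        elif event == "session_up":
            if s["revert_due"]:
                findings.add((ue, "private profile used outside service area"))
            if detail != s["oi"]:
                findings.add((ue, "gateway does not match profile APN-OI"))
            s["session"] = detail
    for ue, s in st.items():                        # end-of-stream checks
        if s["stale"]:
            findings.add((ue, "session survived APN-OI change"))
        if s["revert_due"]:
            findings.add((ue, "private APN-OI not reverted"))
    return sorted(findings)
```

Terminal ue-A follows both claims and produces no finding; ue-B and ue-C each break one of the two invariants.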

Claim 19

Original Legal Text

19. The method for providing a private network service according to claim 12, wherein the request for the private network connection is received by a service link server that is external to the public network and external to a private network associated with the private network service.

Plain English Translation

A method for providing a private network service involves establishing a secure connection between a public network and a private network while maintaining isolation from the public network infrastructure. The method addresses the challenge of securely connecting users or devices to a private network without exposing the private network to the vulnerabilities of the public network. A service link server, positioned outside both the public and private networks, receives a request for a private network connection. This server acts as an intermediary, facilitating the establishment of the connection while ensuring that the private network remains isolated from the public network. The service link server may authenticate the request, validate permissions, and manage the connection parameters to ensure secure and controlled access. The method ensures that data transmitted between the public and private networks remains protected, preventing unauthorized access or interference. This approach is particularly useful in scenarios where sensitive data or resources must be accessed from external locations while maintaining strict security and privacy standards. The service link server's external positioning allows for centralized management of connections, reducing the risk of exposure to the private network's internal infrastructure.

Patent Metadata

Filing Date

Unknown

Publication Date

March 24, 2020

Inventors

Hyun-Song LEE
Sang-Woo WOO
Yong-Joo CHA

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, FAQs, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “PRIVATE NETWORK SERVICE PROVIDING METHOD AND SYSTEM” (10602365). https://patentable.app/patents/10602365